About Me

My name is Ross Hosman and I'm a Cloud Hosting fanatic as well as a security geek! I love the idea of Cloud and being able to build massive infrastructures at the click of a button, so much that I have tried nearly every cloud out there. I'm also a security geek so I love looking at new technology to see how it works and how it can possibly be compromised or more secure with other technologies. These days I spend a lot of time tinkering with technologies like DNSSEC, RASP, Container Security and Automated Security Remediation technologies. I'm currently employed as the Chief Information Security Officer at Drata in Colorado.

In my spare time I really enjoy hiking the beautiful mountains of Colorado and travelling to new places for new adventures!

Contact Details

Ross Hosman
Colorado, US
(720) 808-0222
ross @ ruselabs.com
site: www.ruselabs.com
site: www.ross.is

Work

Drata

Chief Information Security Officer July 2021 - November 2022

Drata is a startup in the security and compliance automation space started in late 2020. Drove product vision to deliver Automated Trust Center and ensured we filed patents for it.

- Built our Security, Compliance and IT teams to support the business going from 30 employees to 300+ in a year
- Built a Zero Trust security architecture while enabling the business
- Defeated external Red Team adversary with no findings and no flags captured
- Achieved SOC1/2/3, ISO27001, HIPAA, PrivacyShield as well as met GDPR and CCPA
- Helped direct the company into a solid growth strategy

Sigma Computing

Head of Information Security October 2019 - July 2021

Sigma Computing is a startup based in San Francisco in the Analytics and BI space. We are growing at a unicorn pace with customers in all different market segments adopting our platform. Sigma recruited me to build out the Information Security, IT and GRC (Governance, Risk and Compliance) programs in the company.

- Created an enterprise class security organization from the ground up that could support enterprise clients and their security needs. Focus areas included: Cloud Security, Container Security, Application Security, SaaS Security, Security in the CI/CD pipeline, etc.
- Built out the compliance program to ensure we met SOC 1, SOC 2, SOC 3, and HIPAA requirements.
- Built an IT organization that could support faster internet connectivity, wireless, conferencing, helpdesk and mobile device management.

Recurly

Head of Information Security September 2018 - October 2019

Lead, expand and uplift the Information Security and Compliance teams at Recurly. Transition Recurly from a late stage startup with a traditional data center infrastructure model into a company that runs cloud native with a security/compliance program that supports the model. Ensure security/compliance in our cloud environments with cloud native tools and automated remediation.

- Build maturity into the information security and compliance programs.
- Automate security for cloud environments for rapid remediation.
- Enable new compliance initiatives such as SOC 2, GDPR, CCPA, etc.

JP Morgan Chase & Co

Head of Cloud Security October 2016 - September 2018

As the leader for cloud security at JP Morgan Chase I was tasked with building out and leading the cloud security team for one of the largest financial institutions in the world. Our goal was to design/build/implement security solutions for a multi-cloud environment that offered rapid automatic remediation of security issues in a fast paced cloud/container environment.

- Build a team from two people to over 14 cloud professionals, all of whom became AWS Certified Solutions Architects.
- Set and implement a security strategy around automated remediation of security issues in a multi-cloud environment.
- Own security for multiple public cloud, private cloud and container environments.

Cisco Systems

Sr. Cloud Security Architect August 2015 - May 2016

Cisco's Intercloud is an ambitious project to bring your clouds together. Cisco Cloud Services is a talented team of people that build these clouds and with the acquisitions of Piston Computing as well as Metacloud we are bringing managed OpenStack to the enterprise along with cutting edge features (e.g. Cisco ACI).

- Lead security Architecture around platform and services (BDaaS, LaaS, NFV, vMS) in a cloud that leverages the latest SDN solutions.
- Work on Anti-DDoS solutions to protect the cloud
- Virtualizing existing security solutions (FW, WAF, etc.)
- Security Log Analytics - SIEM

VMware

Cloud Security Architect May 2014 - August 2015

As part of the VMware OneCloud team I handle all the security architecture design. OneCloud is an internal cloud used by all different departments. Currently it spans three continents and includes over 100,000 virtual machines. Our job is to run VMware products at scale and as part of the R&D division test new code before it is released. My job is to manage the security around the OneCloud product from design to implementation as well as operations. Working with other teams / stakeholders to make sure we are meeting their needs and coming up with new ways to improve our products from a security viewpoint.

- Deploy security stack in an all virtual environment which allows for IPS, DLP, Network Forensics, etc.
- Deploy NGFWs to give better visibility into the traffic that transits our networks
- Work with team members to implement security standards / process
- Work with internal security teams to ensure compliance with corporate standards
- Work with security partners to offer feedback on their products and deploying them at scale

For a full work history please check out my LinkedIn profile here.

Skills

Over the years I have had the opportunity to work at many different types of organizations including Government, Telcos and High Tech. This has provided me the ability to learn many different areas in the Information Security field.

  • Cloud Security
  • Infrastructure Security
  • Application Security
  • Programming (Python, Perl)
  • Compliance
  • Security Management

Testimonials

  • Ross is a wonderfully skilled and highly motivated individual who provided significant contributions to our organizations.
    In addition to his technical depth/aptitude, Ross has a deep-seated passion for technology and hosting areas. His knowledge of internet, cloud and hosting industries is quite amazing, along with his list of external contacts. Long after Ross left my organization, I continued to consult with him on evolving business/technical items.
    His willingness/ability to learn, coupled with his openly honest dialog are great attributes. It's uncommon to have such a bright technical mind who is equally "dialed-in" to business issues, competitive landscape considerations and evolving technology trends.

    Don Bertier - CIO - MOHELA
  • Ross is an exceptional employee, with professional interest that extends far beyond what is required for him to perform in an exceptional manner. Ross has high ethical standards, with a strong commitment to not only personal performance, but group and company performance. A highly recommended individual!

    Kirk Thomas - CIO - Savvis
  • Ross is one of the best security leaders I have ever worked with. Not only does he know how to run successful security & compliance programs, he also possesses deep technical knowledge of various cloud technologies offered by AWS and Google. This unique combination of skills instilled confidence in the public cloud infrastructure that was deployed and also ensured the company had a sustained security culture and compliance program. I would strongly recommend Ross to anyone looking for a solid Security & Compliance leader.

    Stephanus Setiawan - VP Techops & Security - Recurly
  • Ross has an incredible knack for cultivating cloud security professionals; his ability to find, recruit, and lead talent is truly awe-inspiring. His passion for cloud security is abundant, and he manages to instill this sentiment in his entire team. I've never seen such commitment to a team nor experienced such camaraderie as I did when working with Ross and the cloud security team at JPMC.

    Ryan Weigand - VP Cloud Security - JP Morgan Chase & Co
  • I got to know Ross for the first time when we worked together, but in different teams, on security for Cisco's Intercloud Services, and later when he persuaded me to come over and work for him in his team at JP Morgan Chase, on their public cloud program.
    For Cisco's Intercloud we worked on the architecture for an OpenStack-based cloud platform with Cisco ACI and SDN at the core, as well as a wide variety of the security services for the platform (DDoS, WAF, authentication services etc.). When Cisco decided to shut down their Intercloud I had no hesitation to come over and join him at JPMC.
    As a security professional I think he is brilliant, with a lot of common sense, loads of technical skills, and solid industry knowledge. As a manager he's well liked and respected by his peers and reports, and he has been able to build a world-class security team around him.
    I would be very happy to work with him a third time, if the opportunity should come up again, and would be very happy to recommend him to anyone who's looking for a solid security professional.

    Ove Hansen - VP Cloud Security - JP Morgan Chase & Co